How can Prepared Statements be used with Apache DBUtils?
It seems that most of the methods for org.apache.commons.dbutils.* expect string arguments. It's surprising that there isn't a method that accepts PreparedStatements.
From the examples page:

```java
// Execute the query and get the results back from the handler
Object[] result = run.query(
    "SELECT * FROM Person WHERE name=?", h, "John Doe");
```
which indicates that there must be a PreparedStatement being used. And in the source for the query method we see:

```java
private <T> T query(Connection conn, boolean closeConn, String sql,
                    ResultSetHandler<T> rsh, Object... params)
    ...
    PreparedStatement stmt = null;
    ResultSet rs = null;
    T result = null;
    try {
        stmt = this.prepareStatement(conn, sql);
        this.fillStatement(stmt, params);
        rs = this.wrap(stmt.executeQuery());
        result = rsh.handle(rs);
    } catch (SQLException e) {
    ...
```
Conclusion? PreparedStatements are being used, no need to be worried at all.
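The point the post makes in practice, as an added example that is not from the original post or from the DBUtils project: QueryRunner only protects you when the user-supplied value is passed as a parameter to `?`, because that is what `fillStatement` binds. It assumes a configured `javax.sql.DataSource`, the `Person` table with the `name` column from the post, and an `id` column that is an assumption of this example.

```java
import java.sql.SQLException;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.MapListHandler;

public class PersonDao {
    private final QueryRunner run;

    // Assumption: the caller supplies a configured DataSource (e.g. a connection pool).
    public PersonDao(DataSource ds) {
        this.run = new QueryRunner(ds);
    }

    // Correct: the '?' placeholder is bound by fillStatement() through
    // PreparedStatement.setObject(), so the value travels as data, never as SQL text.
    public List<Map<String, Object>> findByName(String name) throws SQLException {
        return run.query("SELECT * FROM Person WHERE name=?", new MapListHandler(), name);
    }

    // Writes go through the same parameter binding via QueryRunner.update().
    // The 'id' column is assumed for this example.
    public int rename(long id, String newName) throws SQLException {
        return run.update("UPDATE Person SET name=? WHERE id=?", newName, id);
    }

    // Wrong: the SQL text is assembled from the input before DBUtils ever sees it.
    // A PreparedStatement is still created, but with nothing left to bind the
    // input is already part of the statement, so the protection is lost.
    // Shown only for contrast with findByName() above.
    public List<Map<String, Object>> findByNameUnsafe(String name) throws SQLException {
        return run.query("SELECT * FROM Person WHERE name='" + name + "'", new MapListHandler());
    }
}
```

The same rule applies to the `query(Connection, String, ResultSetHandler, Object...)` overload, which calls the private method quoted above with `closeConn` set to false.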